SYSTEM AND METHOD FOR PROVIDING
ANONYMOUS REMAILING AND FILTERING 
OF ELECTRONIC MAIL 

CROSS REFERENCE TO RELATED 
APPLICATION

This application claims the benefit of U.S. Provisional
Application Ser. No. 60/057,132, filed on Aug. 28, 1997, and
entitled "System and Method for Providing Anonymous 
Remailing and Filtering of Electronic Mail," commonly 
assigned with the present invention and incorporated herein 
by reference. 

The present invention is also related to that disclosed in 
Ser. No. 08/787,557, filed on Jan. 22, 1997, entitled "System 
and Method for Providing Anonymous Personalized Brows- 
ing in a Network" and commonly assigned with the present 
invention. 

TECHNICAL FIELD OF THE INVENTION 

The present invention is directed, in general, to computer 
networks and, more specifically, to a system and method that 
provides for anonymous transmission of electronic mail 
("e-mail") over a network and filtering of incoming e-mail 
based, at least in part, on the destination address of the 
e-mail. 

BACKGROUND OF THE INVENTION 

In recent years, the availability of more efficient, reliable
and cost-effective computers and networking tools has 
allowed many companies and individuals (collectively, 
"users") to become involved in an ever-growing electronic 
community. The immeasurable gains in technology experi- 
enced by the computer industry overall have allowed these 
users to rely on commercially available computers, such as 
personal computers ("PCs"), to meet their information processing
and communication needs. To that end, PC manufacturers
allow users to equip most PCs with an interface
(such as a modem) that may be used for communication over 
networks, such as the Internet. The Internet is a well-known 
collection of networks (e.g., public and private voice, data, 
video and multimedia networks) that cooperate using com- 
mon protocols to form a worldwide network of networks. 

Cooperation often includes the communication of electronic
mail ("e-mail") from one user (a "sender") to another
(a "recipient"). One conventional e-mail protocol employed 
over the Internet, Standard Mail Transfer Protocol 
("SMTP"), mandates that each e-mail message body have a 
header that includes the sender's e-mail address (a "source 
address") and the recipient's e-mail address (a "destination 
address"). All well-known e-mail protocols mandate inclu- 
sion of a source address to allow the recipient to send e-mail 
back to the sender. 

Privacy has become a primary concern in today's 
computer-based society. Users want to be able to express 
themselves in words, sounds or pictures over a computer 
network, but may not want to be identified as the source. In 
particular, users want to keep their true identity secret, but 
still wish to receive e-mail addressed to them. This need for 
privacy spans the spectrum of communication, from busi- 
ness transactions to personal thoughts. Unfortunately, man- 
dated inclusion of the source address with the sender's 
e-mail gives away the sender's identity, compromising pri- 
vacy. 

One solution to this problem is a so-called "anonymous
remailer." An anonymous remailer is a computer system,
coupled to the network, that allows bidirectional e-mail
communication over the network without compromising the
sender's identity. The recipient cannot discover the true
identity of the sender unless the sender encloses identifying
information in the body of the e-mail message itself.

Anonymous remailing is well known in the art. The most 
famous Internet remailer to date has been the Finnish 
"anon.penet.fi" remailer, which, at its zenith, boasted more 
than 500,000 users. 

To support bidirectional e-mailing, conventional remailers
must maintain a translation table that correlates real user
addresses and alias source addresses (usually taking the
form "xxxxxx@remailer.address"). Upon receipt of a message
from an anonymous sender, the remailer replaces the
sender's real source address with a corresponding alias
source address and remails the message to the intended
recipient. The recipient can reply to the message, but only by
using the anonymous sender's alias source address. Upon
receipt of a reply from the recipient, the remailer substitutes
the anonymous sender's real source address for the alias
source address and remails the reply to the anonymous
sender.

The main problem with conventional remailers is the 
translation table itself. Because the table contains detailed
real source addresses and the correlations between such real 
source addresses and alias source addresses, both hackers 
and law enforcement agencies covet it. Thus, the person 
maintaining the remailer must both protect the translation 
table from hackers and face thorny legal questions about the 
privacy of the senders who trust him to protect their true 
identity. 

Even though a sender may preserve his anonymity by
using an anonymous remailer, he still may be subjected to
receiving a barrage of unsolicited, usually computer-generated
e-mail ("junk" e-mail or "spam," in today's Internet
parlance), because the sender still may be reached via his
alias source address. Currently, the only automatic way to
protect against such unsolicited e-mail is to filter based on
the source address contained in the header or specific words
contained in the body. Unfortunately, filtering based on
source address or words in the body of the message is crude
at best, risking both the unintended deletion of valid e-mail
messages and unintended retention of junk. Of course,
manual filtering remains an option, but at the cost of time
and with the risk of exposure to any offensive subject matter
contained in such e-mail messages.

Therefore, what is needed in the art is an improved
remailer, a method of remailing and a more effective way to
filter unsolicited e-mail messages automatically.

SUMMARY OF THE INVENTION 

To address the above-discussed deficiencies of the prior
art, the present invention introduces a system for, and method
of, generating an alias source address for an electronic mail
("e-mail") message having a real source address and a
destination address and a computer network, such as the
Internet, including the system or the method. In one
embodiment, the system includes an alias source address
generator that employs the destination address to generate
the alias source address. The system further includes an alias
source address substitutor that substitutes the alias source
address for the real source address. This removes the real
source address from the e-mail message and thereby renders
the sender, located at the real source address, anonymous.
The system further includes an e-mail forwarder that
receives e-mail addressed to the alias source address, computes
the real source address, and forwards the e-mail to the
real source address.

The sender is therefore provided with a set of alias source 
addresses that may, in some embodiments of the present 
invention, be unique to each destination address. However,
since the system automatically provides generation and 
substitution of source addresses, the user is freed of the task 
of tracking multiple alias source addresses. 

In one embodiment of the present invention, the alias 
source address includes an encrypted version of the real 
source address, among other information. In this way, the 
e-mail forwarder can compute the real source address given 
the alias source address without any need for a translation 
table from alias source addresses to real source addresses. 
Another advantage of this embodiment is that the alias 
generator does not have to communicate with the e-mail
forwarder. Thus the system may comprise any number of 
alias generators and any number of e-mail forwarders. Alias 
generators and e-mail forwarders may be added and 
removed from the system at any time. 

In one embodiment of the present invention, the system 
further includes an e-mail filter capable of filtering incoming 
reply mail based on the alias source address. By causing the 
alias source address to depend upon the destination address, 
a single sender can have a set of different alias source 
addresses, allowing the sender to filter incoming reply mail,
if he so desires, based upon alias source address. Purveyors
of junk e-mail can obscure their identity or the content of an
unwanted message by many means, but if they want to send
e-mail successfully to that sender, they must address it to the
sender's exact same alias source address. The alias source
address, when thus used as a destination address, provides 
users an effective way to filter junk e-mail and to determine, 
if they so desire, where the junk e-mail purveyor obtained 
the alias source address. 

The ability to filter e-mail based on the alias source 
address is independent of the particular method of genera- 
tion of the alias source address. To allow e-mail filtering by 
this method, the alias source address should depend upon the 
destination address. The alias source address generator may 
advantageously have one or more of the following three 
attributes: (1) consistency (the same alias is presented to the 
same destination), (2) uniqueness (the probability is low that 
two destinations are given the same alias) and (3) privacy 
(the recipient cannot determine the real source address given 
the alias source address). 

In one embodiment of the present invention, the system 
takes the form of a remote anonymous remailer with which 
the sender must communicate over a network. In an alter- 
native embodiment, the system executes locally on the 
sender's computer. As the sender generates e-mail messages, 
alias source addresses are determined and added, eliminating
a need for the remote anonymous remailer.

The foregoing has outlined, rather broadly, preferred and 
alternative features of the present invention so that those 
skilled in the art may better understand the detailed descrip- 
tion of the invention that follows. Additional features of the 
invention will be described hereinafter that form the subject 
of the claims of the invention. Those skilled in the art should 
appreciate that they can readily use the disclosed conception 
and specific embodiment as a basis for designing or modi- 
fying other structures for carrying out the same purposes of 
the present invention. Those skilled in the art should also 
realize that such equivalent constructions do not depart from 
the spirit and scope of the invention in its broadest form. 

BRIEF DESCRIPTION OF THE DRAWINGS

For a more complete understanding of the present
invention, reference is now made to the following descriptions
taken in conjunction with the accompanying drawings,
wherein like numbers designate like objects, and in which:

FIG. 1 illustrates a high-level block diagram of an exemplary
distributed network with which the principles of the
present invention may be suitably used; 

FIG. 2 illustrates a block diagram of a computer system 
that may be employed in the network of FIG. 1 to provide 
an environment within which the present invention can 
operate; 

FIG. 3 illustrates a flow diagram of one specific embodiment
of a method of generating an alias source address for
an e-mail message having a real source address and a 
destination address; and 

FIG. 4 illustrates a flow diagram of one specific embodi- 
ment of a method of filtering unwanted e-mail messages 
based on alias source addresses and forwarding e-mail to the 
real source address. 

DETAILED DESCRIPTION 

Referring initially to FIG. 1, illustrated is a high-level 
block diagram of an exemplary distributed network 
(generally designated 100) with which the principles of the 
present invention may be suitably used to provide an anony- 
mous remailer that operates without a translation table and 
assigns destination-dependent alias source addresses to a 
sender's e-mail. The distributed network 100 illustratively 
includes a plurality of computer systems 110a, 110b, 110c,
110d, 110e, 110f, 110g, 110h, 110i that are illustratively
coupled together to form the Internet 115. The Internet 115 
includes the World Wide Web, which is not a network itself, 
but rather an "abstraction" maintained on top of the Internet 
115 effected by a combination of browsers, server sites (as 
may be hosted on the plurality of computer systems 110a, 
110b, 110c, 110d, 110e, 110f, 110g, 110h, 110i), HyperText
Markup Language ("HTML") pages and the like. 

Although the illustrated embodiment is suitably imple- 
mented for and used over the Internet 115, the principles and 
broad scope of the present invention may be associated with 
any appropriately arranged computer, communications, 
multimedia or other network, whether wired or wireless. 
Further, though the principles of the present invention are 
illustrated using a single computer system, such as one of the 
plurality of computer systems 110a, 110b, 110c, 110d, 110e,
110f, 110g, 110h, 110i, alternate embodiments within the
scope of the same may include more than a single computer 
system. 

The exemplary network 100 is assumed to include a 
plurality of (assumed) insecure communication channels 
that operate to intercouple ones of the various computer 
systems 110a, 110b, 110c, 110d, 110e, 110f, 110g, 110h, 110i
of the network 100. The concept of communication channels 
is known and allows insecure communication of information 
among ones of the intercoupled computer systems (the 
Internet employs conventional communication protocols, 
such as SMTP, that are also known). A distributed network 
operating system executes on at least some of computer 
systems 110a, 110b, 110c, 110d, 110e, 110f, 110g, 110h, 110i
and may manage the insecure communication of information 
therebetween. Distributed network operating systems are 
also known. 

FIG. 1 also illustrates first and second user's computer
systems 105a, 105b, which are assumed, for purposes of the
following discussion, to be associated with an e-mail sender
and an e-mail recipient, respectively. Thus, a sender may
apply his real source address and a destination address
corresponding to the recipient to a particular e-mail message
and send the e-mail message to the recipient via the network
100 and the second user's computer.

The first user's computer system may be associated with
a particular computer system 110a (such association denoted
by a broken line 120). The particular computer system 110a
acts as a home site for the first user's computer system and
a provider of Internet service.

Turning now to FIG. 2, illustrated is a block diagram of
data processing and storage circuitry, generally designated
200, that may be employed in the network of FIG. 1 to
provide an environment within which the present invention
can operate. The circuitry 200 comprises a processor 210,
volatile memory 220, a nonvolatile mass storage unit 230
and communication circuitry 240.

The circuitry 200 illustrated in FIG. 2 is intended to
represent a wide array of computing platforms. Accordingly,
the circuitry 200 may be a mainframe, minicomputer or
personal computer ("PC"). The present invention is not
limited whatsoever to a particular class of computing platform.
With reference back to FIG. 1 and continuing reference
to FIG. 2, each of the plurality of computer systems
110a, 110b, 110c, 110d, 110e, 110f, 110g, 110h, 110i and the
first and second user's computer systems 105a, 105b may
have the circuitry illustrated in FIG. 2 associated therewith.

The present invention may be embodied as a sequence of
instructions executable in the data processing and storage
circuitry 200 to yield an alias source address generator, an
alias source address substitutor, a real source address
generator, a real source address substitutor and an e-mail
filter as the present invention provides.

Turning now to FIG. 3, illustrated is a flow diagram of one
highly specific embodiment of a method, generally designated
300, of generating an alias source address for an
e-mail message having a real source address and a destination
address. The method 300 may be embodied in an alias
source address generator.

It should be stated at this point in the discussion that the
method 300 is nothing more than one example of a way to
generate an alias source address from a real source address.
The present invention requires none of the specifically-recited
steps. Instead, the present invention requires only
that the resulting alias source address depend on the destination
address. The alias source address generator may
advantageously have one or more of the following three
attributes: (1) consistency (the same alias is presented to the
same destination), (2) uniqueness (the probability is low that
two destinations are given the same alias) and (3) privacy
(the recipient cannot determine the real source address given
the alias source address).

The method begins in a start step 310, wherein an e-mail
message to be remailed is received from a sender at a
remailer that operates according to the principles of the
present invention. The sender's real source address is read
from the e-mail message and compressed in a step 320 to
ensure that the alias source address that results when the
method 300 is complete is not excessively long. Compression
may, in the illustrated embodiment, be variable-length
compression that depends upon the character set used in the
sender's mailbox name, domain name and top-level domain.
The compression step is, of course, purely optional.

Following compression, the method 300 continues in a
step 330, wherein a hash value of the destination address of
the e-mail message is computed by means of the well-known
MD5 algorithm. The destination address may be the domain
part of a destination e-mail address, or it may be the host part
of a Uniform Resource Locator ("URL") of a World Wide
Web form that asks the user to provide an e-mail address.
From the MD5 hash value, two non-overlapping bit fields
are obtained. In the illustrated embodiment, the first bit field
is two bits long and the second bit field is eight bits long.
Like compression, computation of a hash value is purely
optional. The only important aspect of the step 330 is that the
alias source address is caused to be based on the destination
address of the e-mail message. Modification of the destination
address is not required to base the alias source address
thereon (as will be seen below in the description of a more
trivial method).

Next, in a step 340, n null bytes are appended to the
compressed real source address, where n equals the value of
the first bit field. Appending the null bytes obscures the true
length of the real source address. Also in the step 340, the
second bit field is appended to a secret key stored locally in
the remailer, thereby producing an expanded secret key
unique to the destination address. While appending null
bytes obscures the true length of the real source address,
appending is unnecessary to the broad scope of the present
invention.

Next, in a step 350, the compressed real source address
(with appended null bytes) is encrypted according to, for
example, the Data Encryption Standard ("DES") using the
expanded secret key unique to the destination address as an
encryption key. Multiple DES passes may be employed
further to enhance security.

Of course, the type of encryption applied is unimportant.
Encryption does not need to be DES and does not need to be
symmetrical. In fact, the present invention does not require
encryption whatsoever.

Next, in a step 360, the second bit field is appended to the
encrypted compressed real source address. The result is
passed through an m-base conversion (m being any desired
number) to obtain a desired string. For a printable alphanumeric
string including both uppercase and lowercase
characters, a base-64 conversion can be used. If only lowercase
or only uppercase characters are desired, a base-32
conversion can be used.

The method 300 ends in an end step 370, derivation of the
alias source address having been accomplished. As with all
of the other steps 310, 320, 330, 340, 350, the step 360 is
unnecessary, unless the desired result is an alias source
address consisting of a printable string of characters.

The alias source address may then be substituted for the
real source address, perhaps with an alias source address
substitutor.

Employing the above described exemplary method 300 to
an e-mail message having a real source address of, for
example, "foo_bar@bell-labs.com" and a destination
address of "www.yahoo.com" can be converted to
"wxOnIqlUUEXJxzwVSsQCgW". This can be pre-appended to the
domain name and top-level domain of an exemplary
remailer to yield: "wxOnlqlUUEXJxzwVSsfKgW@lpwa.com",
a destination-address-specific, SMTP-valid, alias
source address.

Employing a less complex method wherein the
compressing, hashing, appending and encrypting, as set
forth in the method 300 above, do not occur can yield
different results. For example, an e-mail message having a
real source address of, for example, "foo_bar@bell-labs.com"
and a destination address of "www.yahoo.com"
can be converted to "foo_bar.bell-labs.com.www.yahoo.com"
(nothing more than a trivial string concatenation).
This can be pre-appended to the domain name and top-level
domain of an exemplary remailer to yield:
"www.yahoo.com.foo_bar.bell-labs.com@lpwa.com". This
far less complex (and less secure) method falls well within
the broad scope of the present invention, as well. Note that
the steps set forth in the method 300 are not employed in the
less complex method.

Several things regarding the above-described method 300 
should be noted. First, the secret key is the only data 
required to be stored at the remailer site. All of the remaining 
data are contained in the e-mail message itself. Thus, the 
translation table of conventional remailers is avoided. The
secret key can, in fact, be compiled into the software that 
constitutes the remailer. 

Second, many World Wide Web sites impose limits on the 
length of an e-mail address they will accept in a form. Since 
the method 300 produces an alias source address that is 
longer than the real source address, the real source address 
is initially compressed to reduce the extent to which the 
length of the alias source address exceeds the length of the 
real source address. Should certain sites truncate the result- 
ing alias source address, reply mail employing the truncated 
alias source address will be lost. 

Third, the number of distinct destination-address-specific
alias source addresses generated for the same real source 
address is limited to two to the power of n, where n is the 
total length of the bit fields computed in step 330. In the 
illustrated embodiment, the number of destination-address- 
specific alias source addresses generated for the same real 
source address is 1024. This should prove adequate for most 
purposes. If the second bit fields were longer, the alias 
source address space would correspondingly increase. 
However, it should particularly be noted that the resulting 
alias source addresses remain unique to the sender, even if 
they do overlap destinations. 

Fourth, the above-described method 300 employs DES, a
well-known secret key encryption algorithm that conventionally
operates on a 56 bit key. Since eight of the bits come
from the second bit field, the secret key is 48 bits long. If
encryption stronger than effective 48 bit DES is desired,
multiple DES passes can be used.

The step 350 of the above described method 300 may
employ other symmetric encryption algorithms, such as
IDEA, or asymmetric encryption algorithms, such as
RSA, instead of DES. Furthermore, the step 350 of the
above described method 300 may employ other one-way
hash functions, such as SHA, instead of MD5. Also, the
steps 310, 320, 330, 340, 350, 360 of the method 300 may
be performed in any order, omitted or performed multiple
times, as may be appropriate to degrade or enhance security,
anonymity, speed or complexity or to accommodate other
design considerations.

Finally, it should be noted that the method 300 is fully 
reversible, allowing an alias source address (usually con- 
tained in a reply e-mail) to be translated back into a real 
source address for forwarding back to the original sender.
This is accomplished by reversing the m-base conversion, 
stripping the second bit field, decrypting (or multiply- 
decrypting) the resulting string using the stored secret key 
and appended second bit field, stripping the null bytes and, 
finally, decompressing the result to yield the real source
address. It should be understood, however, that the present 
invention is not limited to reversible methods, and can be 
made only to support unidirectional remailing. 

Turning now to FIG. 4, illustrated is a flow diagram of one
embodiment of a method, generally designated 400, of
filtering unwanted e-mail messages based on alias source
addresses and forwarding e-mail messages to the real source
address. The method 400 may be carried out in an e-mail
filter. The described embodiment of the e-mail forwarder
consists of the real source address generator and the real
source address substitutor.

In one embodiment of the present invention, the system 
further includes an e-mail filter capable of filtering incoming 
reply mail based on the alias source address. By causing the 
alias source address to depend upon the destination address, 
a single sender can have different aliases, allowing the
sender to filter incoming reply mail, if he so desires, based 
upon the alias source address. Purveyors of junk e-mail can 
obscure their identity or the content of an unwanted message 
by many means, but if they want their e-mail to be returned 
successfully to the sender at his real source address, they are 
constrained to use exactly the same alias source address, 
thereby providing an effective basis for filtering junk e-mail 
and determining, if they so desire, from what destination 
address the purveyor obtained the alias source address. 

At this point, terminology can become confusing, 
because, in the context of a reply, the recipient of the original 
e-mail message originates a reply e-mail message and 
thereby becomes a sender in his own right. Accordingly, to 
reduce the confusion, the recipient will continue to be called 
the "recipient" and the sender will continue to be called the 
"sender," even though it is understood that the reply e-mail 
is traveling from the "recipient" to the "sender."

Accordingly, the method 400 begins in a start step 410 
and proceeds to a step 420, wherein a reply e-mail message 
is received from the recipient. The method 400 continues in 
a step 430, wherein the alias source address is read from the 
reply e-mail message. Next, the alias source address is 
compared to alias source addresses contained in a sender- 
supplied list of rejected alias source addresses in a decisional 
step 440.

If the alias source address matches one of the items in the 
list (taking the YES branch of the decisional step 440), the
reply e-mail is deleted and the sender spared of its receipt.
If the alias source address does not match any of the items
in the list (taking the NO branch of the decisional step 440),
the method continues in a step 450 wherein the sender's real 
source address is derived (perhaps by reversing the exem- 
plary method 300 described above or perhaps by way of a 
real source address generator that generates a real source 
address from an alias source address) and substituted into 
the reply e-mail for the alias source address, perhaps by way 
of a real source address substitutor. 

Next, the reply e-mail is forwarded to the sender in a step
460. The method ends in an end step 470, filtered forwarding 
having been accomplished. 
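
Methods 300 and 400 end to end, as an added Python example that is not part of the patent text. DES is replaced by a small Feistel construction over SHAKE-256 (a stand-in, not a vetted cipher), the optional compression step is skipped, base-32 is used for a lowercase alias, and SECRET_KEY, REMAILER_DOMAIN and all function names are assumptions made for illustration.

```python
import base64
import hashlib
from typing import Iterable, Optional, Set, Tuple

SECRET_KEY = b"constructed-demo-secret"  # constructed; the only state the remailer keeps
REMAILER_DOMAIN = "remailer.example"     # hypothetical remailer domain
ROUNDS = 8


def bit_fields(destination: str) -> Tuple[int, int]:
    """Step 330: MD5 of the destination, then two non-overlapping bit fields."""
    digest = hashlib.md5(destination.lower().encode()).digest()
    return digest[0] >> 6, digest[1]     # 2-bit field, 8-bit field


def _prf(key: bytes, rnd: int, data: bytes, n: int) -> bytes:
    return hashlib.shake_256(key + bytes([rnd]) + data).digest(n)


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def feistel(key: bytes, block: bytes, decrypt: bool = False) -> bytes:
    """Length-preserving keyed permutation standing in for DES (demo only)."""
    half = len(block) // 2
    left, right = block[:half], block[half:]
    order = range(ROUNDS - 1, -1, -1) if decrypt else range(ROUNDS)
    for rnd in order:
        if rnd % 2 == 0:
            left = _xor(left, _prf(key, rnd, right, len(left)))
        else:
            right = _xor(right, _prf(key, rnd, left, len(right)))
    return left + right


def make_alias(real: str, destination: str) -> str:
    """Method 300 without the optional compression step."""
    first, second = bit_fields(destination)
    padded = real.encode("ascii") + b"\x00" * first         # step 340: hide true length
    expanded_key = SECRET_KEY + bytes([second])             # step 340: per-destination key
    blob = feistel(expanded_key, padded) + bytes([second])  # steps 350 and 360
    local = base64.b32encode(blob).decode("ascii").rstrip("=").lower()
    return f"{local}@{REMAILER_DOMAIN}"


def resolve_alias(alias: str) -> Optional[str]:
    """Reverse method 300 with no translation table; None if the alias is malformed."""
    local, _, domain = alias.partition("@")
    if domain.lower() != REMAILER_DOMAIN:
        return None
    try:
        blob = base64.b32decode(local.upper() + "=" * (-len(local) % 8))
    except ValueError:                   # non-base-32 characters or bad length
        return None
    if len(blob) < 2:
        return None
    body, second = blob[:-1], blob[-1]   # strip the second bit field
    plain = feistel(SECRET_KEY + bytes([second]), body, decrypt=True).rstrip(b"\x00")
    try:
        real = plain.decode("ascii")
    except UnicodeDecodeError:           # wrong key or altered ciphertext
        return None
    return real if real.isprintable() and real.count("@") == 1 else None


def handle_reply(alias: str, rejected: Set[str]) -> Tuple[str, Optional[str]]:
    """Method 400: delete replies to rejected aliases, otherwise derive the real address."""
    alias = alias.lower()
    if alias in rejected:                # decisional step 440
        return "delete", None
    real = resolve_alias(alias)          # step 450
    if real is None:
        return "undeliverable", None
    return "forward", real               # step 460


def distinct_aliases(real: str, destinations: Iterable[str]) -> int:
    """Count the aliases one sender gets across many destinations (at most 4 * 256)."""
    return len({make_alias(real, d) for d in destinations})


if __name__ == "__main__":
    sender = "foo_bar@bell-labs.com"     # sample address used in the text above
    alias = make_alias(sender, "www.yahoo.com")
    print(alias, "->", resolve_alias(alias))
    print(handle_reply(alias, rejected={alias}))
    print(distinct_aliases(sender, (f"site{i}.example" for i in range(5000))))
```

The format carries no integrity check, so this sketch can only reject an altered alias when its decryption no longer looks like an address. Counting aliases over the 5000 constructed destinations shows the 1024-alias ceiling that the two bit fields impose.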

As with the method 300, the steps 410, 420, 430, 440,
450, 460 of the method 400 may be performed in any order,
omitted or performed multiple times, as may be appropriate 
to degrade or enhance security, anonymity, speed or com- 
plexity or to accommodate other design considerations. 

In an alternative method to the above, the remailer can 
simply move the alias source addresses of reply e-mail to a 
field in the header or to the body of the reply e-mail and 
forward the reply e-mail to the sender without filtering. The
sender's e-mail client program can then filter the e-mail 
based upon criteria the sender has supplied. 

Because the alias source address is keyed to the destina- 
tion address of the sender-originated e-mail, the sender can 
filter incoming reply e-mail destined for a particular alias 
source address and be assured that his other alias source 
addresses are unaffected. The recipient has no leeway to 
alter the alias source address if he wants the reply e-mail to
be delivered to the appropriate sender. Thus, unwelcome
reply e-mail cannot disguise itself. 

Although the present invention has been described in 
detail, those skilled in the art should understand that they can 
make various changes, substitutions and alterations herein
without departing from the spirit and scope of the invention 
in its broadest form. 

What is claimed is: 

1. A system for generating an alias source address for an 
electronic mail (e-mail) message having a real source and a
destination address, comprising: 

an alias source address generator that employs said des- 
tination address to generate said alias source address; 

an alias source address substitutor that substitutes said 
alias source address for said real source address, 
wherein said real source address is removed from said 
e-mail message; and 

an e-mail filter configured to filter incoming reply mail by 
decoding a recipient address of said incoming reply 
mail to determine said destination address for which 
said alias source address was originally generated and 
validating said destination address against a sender 
address of said incoming reply mail to ensure said 
incoming reply mail originated from said destination 
address. 

2. The system as recited in claim 1 wherein said alias 
source address generator employs a real source address of 
said e-mail message and said destination address to generate 
said alias source address. 

3. The system as recited in claim 2 wherein said alias 
source address generator compresses said real source 
address to generate said alias source address. 

4. The system as recited in claim 1 wherein said alias 
source address generator employs a secret key to generate 
said alias source address. 

5. The system as recited in claim 1 further comprising: 
a real source address generator that generates a real source
address from said alias source address; and

a real source address substitutor, coupled to said real
source address generator, that substitutes said real
source address for said alias source address, said real
source address generator and substitutor capable of
cooperating to allow e-mail directed to said alias source
address to be routed to said real source address, said
system functioning as an e-mail forwarder.

6. The system as recited in claim 1 wherein said alias 
source address is longer than said real source address. 

7. A method of generating an alias source address for an 
electronic mail (e-mail) message having a real source 
address and a destination address, comprising the steps of: 

generating said alias source address based on said desti- 
nation address; 

substituting said alias source address for said real source 
address, wherein said real source address is removed
from said e-mail message; and 

filtering incoming reply mail by decoding a recipient 
address of said incoming reply mail to determine said 
destination address for which said alias source address 
was originally generated and validating said destination
address against a sender of said incoming reply mail to
ensure said incoming reply mail originated from said
destination. 

8. The method as recited in claim 7 wherein said step of
employing comprises the step of employing a real source
address of said e-mail message and said destination address
to generate said alias source address.

9. The method as recited in claim 8 wherein said step of 
employing comprises the step of compressing said real 
source address to generate said alias source address. 

10. The method as recited in claim 7 wherein said step of 
employing comprises the step of employing a secret key to 
generate said alias source address. 

11. The method as recited in claim 7 further comprising 
the steps of: 

generating a real source address from said alias source 
address; and 

substituting said real source address for said alias source 
address to allow e-mail directed to said alias source 
address to be routed to said real source address thereby 
to forward said e-mail. 

12. The method as recited in claim 7 wherein said alias 
source address is longer than said real source address. 

13. A remailer for coupling to at least one of a plurality of 
computer systems of a computer network, for generating an 
alias source address for, and remailing, an e-mail message,
comprising: 

an alias source address generator that employs a destina- 
tion address of said one of said e-mail messages to 
generate said alias source address; 

an alias source address substitutor that substitutes said 
alias source address for said real source address of said 
one of said e-mail messages, wherein said real source 
address is removed from said one of said e-mail mes- 
sages; 

data transmission circuitry that remails said one of said
e-mail messages to said destination address; and 

an e-mail filter configured to filter incoming reply mail by 
decoding a recipient address of said incoming reply 
mail to determine said destination address for which 
said alias source address was originally generated and 
validating said destination address against a sender 
address of said incoming reply mail to ensure said 
incoming reply mail originated from said destination 
address. 

14. The remailer as recited in claim 13 wherein said alias 
source address generator employs a real source address of 
said e-mail message and said destination address to generate 
said alias source address. 

15. The remailer as recited in claim 14 wherein said alias 
source address generator compresses said real source 
address to generate said alias source address. 

16. The remailer as recited in claim 13 wherein said alias 
source address generator employs a secret key to generate 
said alias source address. 

17. The remailer as recited in claim 13 wherein said 
remailer further includes: 

a real source address generator that generates a real source 
address from said alias source address; and 

a real source address substitutor, coupled to said real 
source address generator, that substitutes said real 
source address for said alias source address, said real 
source address generator and substitutor capable of 
cooperating to allow e-mail directed to said alias source 
address to be routed to said real source address, said 
remailer thereby functioning as an e-mail forwarder. 

18. The remailer as recited in claim 13 wherein said alias 
source address is longer than said real source address. 

19. A system for generating an alias source address for an 
electronic mail (e-mail) message having a real source 
address and a destination address, comprising: 

an alias source address generator that employs said destination
address to generate said alias source address;

an alias source address inserter that places said alias
source address in said e-mail message as at least part of 
an address; and 

an e-mail filter configured to filter incoming reply mail by 
decoding a recipient address of said incoming reply 
mail to determine said destination address for which 
said alias source address was originally generated and 
validating said destination address against a sender 
address of said incoming reply mail to ensure said 
incoming reply mail originated from said destination 
address. 

20. The system as recited in claim 19 wherein said alias 
source address generator employs a real source address of 
said e-mail message and said destination address to generate 
said alias source address. 

21. The system as recited in claim 20 wherein said alias 
source address generator compresses said real source 
address to generate said alias source address. 

22. The system as recited in claim 19 wherein said alias 
source address generator employs a secret key to generate 
said alias source address. 

23. The system as recited in claim 19 further comprising:

a real source address generator that generates a real source
address from said alias source address; and

a real source address inserter, coupled to said real source
address generator, that places said real source address
in said e-mail message.

24. The system as recited in claim 19 wherein said alias 
source address is longer than said real source address. 

25. A system for generating an electronic mail (e-mail) 
message that comprises: 

a destination address; 

a generated alias source address based on said destination 
address and is at least part of an address of said e-mail 
message; and 

an e-mail filter configured to filter incoming reply mail by 
decoding a recipient address of said incoming reply 
mail to determine said destination address for which
said alias source address was originally generated and 
validating said destination address against a sender 
address of said incoming reply mail to ensure said 
incoming reply mail originated from said destination 
address. 

26. The system as recited in claim 25 wherein said alias 
source address is a function of said destination address. 

27. The system as recited in claim 25 wherein said alias 
source address is further based on a real source address of 
said e-mail message. 

28. The system as recited in claim 25 wherein said system 
is operable on an e-mail sender's computer. 

29. A method of generating an electronic mail (e-mail) 
message, comprising the steps of: 

placing a destination address on said e-mail message;

generating an alias source address based on said destination
address;

placing said alias source address on said e-mail message 
as at least part of an address of said e-mail message; 
and 

filtering incoming reply mail by decoding a recipient 
address of said incoming reply mail to determine said 
destination address for which said alias source address 
was originally generated and validating said destination 
address against a sender address of said incoming reply 
mail to ensure said incoming reply mail originated from 
said destination address. 

30. The method as recited in claim 29 wherein said alias 
source address is a function of said destination address. 

31. The method as recited in claim 29 wherein said alias 
source address is further based on a real source address of 
said e-mail message. 

32. The method as recited in claim 29 wherein said 
method is carried out in an e-mail sender's computer. 
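
The alias generation, decoding and reply filtering recited in claims 1, 4 and 5 can be shown in code. This is an added example, not code from the patent: the HMAC-based encoding, the key, the domain `remailer.example` and all function names are assumptions chosen for illustration.

```python
import base64
import hashlib
import hmac

SECRET_KEY = b"constructed-demo-key"   # assumption: the remailer's secret key (claim 4)
ALIAS_DOMAIN = "remailer.example"      # hypothetical remailer domain
IV_LEN = 10                            # truncated MAC doubles as a synthetic IV

def _prf(label: bytes, data: bytes) -> bytes:
    """Keyed PRF; the label separates the MAC use from the keystream use."""
    return hmac.new(SECRET_KEY, label + data, hashlib.sha256).digest()

def _xor_stream(iv: bytes, data: bytes) -> bytes:
    """XOR data with an HMAC-SHA256 counter-mode keystream derived from iv."""
    stream = b""
    for ctr in range(len(data) // 32 + 1):
        stream += _prf(b"enc", iv + ctr.to_bytes(4, "big"))
    return bytes(a ^ b for a, b in zip(data, stream))

def make_alias(real_source: str, destination: str) -> str:
    """Alias source address derived from the real source and the destination."""
    plain = f"{real_source.lower()}\n{destination.lower()}".encode()
    iv = _prf(b"mac", plain)[:IV_LEN]
    token = base64.b32encode(iv + _xor_stream(iv, plain)).decode()
    return f"{token.rstrip('=').lower()}@{ALIAS_DOMAIN}"

def decode_alias(alias: str):
    """Return (real_source, destination), or None if the alias is not ours."""
    local, _, domain = alias.partition("@")
    if domain.lower() != ALIAS_DOMAIN:
        return None
    try:
        raw = base64.b32decode(local.upper() + "=" * (-len(local) % 8))
    except ValueError:  # binascii.Error is a ValueError subclass
        return None
    iv, plain = raw[:IV_LEN], _xor_stream(raw[:IV_LEN], raw[IV_LEN:])
    if not hmac.compare_digest(iv, _prf(b"mac", plain)[:IV_LEN]):
        return None  # forged or corrupted alias
    real_source, _, destination = plain.decode().partition("\n")
    return real_source, destination

def filter_reply(recipient: str, sender: str):
    """Forwarding address if sender matches the alias's destination, else None."""
    decoded = decode_alias(recipient)
    if decoded is None or sender.strip().lower() != decoded[1]:
        return None
    return decoded[0]
```

The sender check is only as strong as the sender address itself, so pair it with SMTP sender authentication before trusting a match. The local part here grows with both addresses and can exceed the 64-octet limit in RFC 5321; the compression recited in claim 3 is not implemented.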






